the reason software engineers do not need licence because it is left to the pentesters and employers to do it for regulation purposes. however it does not mean that engineers must ignore basic security foundations. In centralised organisation, there is bigger incentive to keep the system secure due to reputational and monetary consequences. Hence, they hire the likes of cyber sec like pentesters who are regulated and insured to go in and look for vulnerabilities within the scope.
The question is, who is responsible when it comes to decentealise platforms which I raised previously from my notes.
I also ask, if someone will go in and snoop around nostr clients — do we have breach disclosure channel to report it to and consent?
This is left unanswered atm. 😬☺️
